Why Google Says We Need Disruption, Not Prevention, to Stop Cybersecurity Fraud

KarmaCall Team, October 29, 2025

At a major security conference, Google Threat Intelligence revealed why traditional prevention is failing against AI-powered threats. Discover why disruption, not just defense, is the only path forward, and how KarmaCall applies this philosophy to the $442 billion scam crisis.

At a recent cybersecurity conference, a Google Threat Intelligence leader delivered a message that should fundamentally change how we think about fighting fraud: "We cannot make intel sharing the goal. The goal has to be disruption."

This isn't just a semantic difference. It represents a complete shift in philosophy, from defensive prevention to proactive disruption, and it explains why traditional approaches to fighting the $442 billion global scam crisis we've documented are failing.

The Scale Google Sees: Billions with a B

When Google acquired Mandiant, the threat intelligence team gained something unprecedented: visibility into threats affecting "billions with a B" users across the entire Alphabet ecosystem.

From that vantage point, they're watching something that should terrify us all: the rapid adoption of AI by threat actors is happening faster than the adoption of AI for defense.

What Google is Tracking:

  • AI-powered social engineering (better phishing, sophisticated deepfakes)
  • "vibe coding" (natural language malware creation lowering barriers to entry)
  • automated intrusion activity (AI making real-time hacking decisions)
  • AI-powered vulnerability research (automated zero-day discovery)
  • malware that calls AI models for commands (seen in the wild from Russian military)

This isn't theoretical research. This is happening right now in active cyber operations across the globe.

The $25 Million Deepfake: When Video Calls Can't Be Trusted

Perhaps the most chilling example Google shared: a finance worker paid out $25 million after having a video call with a deepfake CFO.

Think about that for a moment. The worker followed all the best practices:

  • verified the request in a video call ✓
  • saw the CFO's face in real-time ✓
  • heard the CFO's voice ✓
  • observed appropriate business context ✓

and still lost $25 million to fraud.

This is the fundamental problem with prevention-based thinking: when AI can eliminate every "warning sign" we've trained people to watch for, human judgment becomes the weakest link, not a reliable defense.

How The "Big Four" Nation-States Are Using AI

Google tracks threat actor use of their Gemini AI model across the globe, revealing fascinating patterns:

Iran: The Power Users

Iranian threat actors are trying to maximize Gemini's capabilities for:

  • content localization into English and Hebrew
  • military research (anti-drone tech, F-35 platforms)
  • coding and scripting tasks

They're essentially using AI as an enhanced search engine combined with a development assistant.

China: Vulnerability Hunters

China-based threat actors are focused on:

  • vulnerability research at scale
  • reverse engineering popular EDR (Endpoint Detection and Response) tools
  • real-time intrusion assistance (using AI to suggest next steps during active hacks)

That last point is particularly significant: imagine hacking into a network and, when you reach a decision point, asking an AI "what should I do next?" and getting tactical advice based on the current state of your intrusion. That's happening now.

North Korea: The Employment Scam at Scale

This one sounds almost unbelievable, but Google confirms it's very real: North Korean IT workers are successfully getting hired at Fortune 500 companies across the world.

How they're pulling it off:

  • AI-generated false documents that pass initial screening
  • deepfake profile images that look completely legitimate
  • hired intermediaries to do video interviews (or deepfake the interviews)
  • laptop farms that make it appear workers are in the U.S. when they're not

One North Korean operative in Europe was discovered to have nine different personas and was recommending themselves to each other within the same company.

The implications:

  • yes, they're raising money for nuclear programs
  • but more importantly: they now have privileged access inside hundreds, maybe thousands, of companies worldwide
  • this is pre-positioning for future cyber operations or conflict

Russia: AI-Powered Malware in Ukraine

The first confirmed case of AI-powered malware in the wild: Russian military malware that calls out via API to a Chinese large language model to generate commands on the fly.

Why this matters:

  • defeats static malware analysis (can't analyze code that doesn't exist yet)
  • adapts in real-time to defensive measures
  • frustrates incident response by generating unique behavior per infection

The Confidence Gap: Why Smart People Fall for Scams

Here's the paradox Google's data reveals:

  • 73% of adults globally feel confident in their ability to recognize scams
  • yet 57% still experienced a scam in the past year

The #1 reason victims cite for being deceived? "the scam was very realistic/believable" (21% of victims).

Ineffective Tactics People Rely On:

Most common verification methods that AI now defeats:

  • checking for spelling/grammar errors (27% use this): AI eliminates this signal
  • looking for reviews on the same website (24%): easily faked
  • checking if company is on social media (21%): trivial to create

Even high-effectiveness tactics like "too good to be true" rules and independent review checks fail against sophisticated, AI-powered personalization at scale.

The Good News: AI vs. AI

Google isn't just documenting the problem. They're fighting back with AI, and they're starting to win specific battles.

Project "Big Sleep"

Google DeepMind and Project Zero collaborated on an AI system that proactively scans for vulnerabilities:

November 2024: found their first vulnerability that humans likely wouldn't have discovered in any reasonable timeframe.

A few months later: the real breakthrough.

The SQLite Zero-Day Story

This is the kind of disruption that changes the game:

  1. Google detected chatter in underground forums about a planned zero-day attack on SQLite (widely used open-source database software)
  2. They did not know what the vulnerability was
  3. They deployed the "Big Sleep" AI to analyze SQLite source code
  4. The AI found the vulnerability before the threat actors could exploit it
  5. Google reached out to the SQLite team to patch it
  6. The vulnerability was neutralized before a single attack

This is disruption, not prevention. They didn't wait to detect an attack and respond. They proactively eliminated the attack vector before it could be weaponized.

The Intel Sharing Trap

Here's where the Google leader's message becomes crucial for everyone in cybersecurity:

"We have talked a lot in the past decade about info sharing and intel sharing... Looking at the statistics and looking at the rise of ransomware, the rise of espionage, and what we're going to be up against with the AI threat landscape in the future, it's going to be really critical that we move beyond intel sharing as if that's the goal."

Why Intel Sharing Isn't Enough:

  • we haven't gotten anywhere using that mentality
  • ransomware has increased despite better intel sharing
  • espionage has evolved despite threat intelligence
  • AI threats are accelerating faster than intel can keep up

The Real Goal: Disruption

"Intelligence is for decision makers to do something. It's not just to be the smartest people in the room about threats."

Google now has a dedicated disruption unit that:

  • looks for partners to collaborate on takedowns
  • finds opportunities to disrupt threat actor activity proactively
  • operates legally and ethically with appropriate authorities
  • does this at scale with willing industry partners

The philosophy: stop trying to be smart about threats. Start trying to eliminate threats.

Why This Matters for the Scam Crisis

Google's philosophy shift from prevention to disruption directly applies to the global scam epidemic.

Traditional Scam Prevention Asks:

  • how do we identify scammers?
  • how do we educate consumers?
  • how do we detect fraud faster?
  • how do we respond more effectively?

Disruptive Scam Defense Asks:

  • how do we make scamming unprofitable?
  • how do we eliminate the economic model?
  • how do we preempt contact before manipulation begins?
  • how do we change the fundamental math?

The key insight: just as Google uses AI to find vulnerabilities before attackers exploit them, economic incentives can make scam operations impossible before they reach victims.

How KarmaCall Disrupts, Not Just Prevents

KarmaCall applies the same "disruption over prevention" philosophy to communication fraud:

Prevention Approach (Traditional):

  • reactive: detect scam after it arrives
  • relies on: human judgment to recognize threats
  • requires: constant updates as scams evolve
  • outcome: reduces some fraud, but scammers adapt

Disruption Approach (KarmaCall):

  • proactive: changes economics before scam can start
  • relies on: math that scammers can't bypass
  • requires: nothing from users except initial setup
  • outcome: makes the scam business model unprofitable

The RefundableDeposit™ Disruption:

how it disrupts scam economics:

  1. unknown callers deposit tiny amounts (e.g., $0.001)
  2. legitimate callers get refunded when you engage (25+ second conversation)
  3. scam calls aren't engaged with, so their deposits aren't refunded
  4. scammers must pay per attempt at scale
  5. low response rates (<1%) make mass scamming economically impossible
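
The deposit and refund rules in the steps above, applied to a batch of call records. This is an added example, not KarmaCall's code: the `Call` and `Ledger` types, the caller labels, the traffic mix and the rule that known contacts place no deposit are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal

DEPOSIT = Decimal("0.001")   # example per-call deposit from step 1
ENGAGED_SECONDS = 25         # step 2: a 25+ second conversation earns the refund


@dataclass(frozen=True)
class Call:
    caller: str        # constructed label, not a real number
    known: bool        # assumption: known contacts place no deposit
    duration_s: int    # how long the recipient stayed on the call


@dataclass
class Ledger:
    attempts: int = 0
    engaged: int = 0
    deposited: Decimal = Decimal("0")
    refunded: Decimal = Decimal("0")

    @property
    def forfeited(self) -> Decimal:
        # Deposits that were never refunded (step 3).
        return self.deposited - self.refunded


def settle(calls):
    """Apply the deposit and refund rules to each call; return {caller: Ledger}."""
    ledgers = defaultdict(Ledger)
    for call in calls:
        led = ledgers[call.caller]
        led.attempts += 1
        engaged = call.duration_s >= ENGAGED_SECONDS
        led.engaged += engaged
        if call.known:
            continue                      # no deposit taken, nothing to refund
        led.deposited += DEPOSIT          # step 1: unknown caller deposits
        if engaged:
            led.refunded += DEPOSIT       # step 2: engaged call is refunded
        # otherwise step 3 applies: the deposit stays forfeited
    return dict(ledgers)


def sample_calls():
    """Constructed traffic: a bulk caller at 0.5% engagement, a business at 90%."""
    bulk = [Call("bulk-dialer", False, 40 if i < 5 else 3) for i in range(1000)]
    shop = [Call("local-pharmacy", False, 60 if i < 18 else 0) for i in range(20)]
    friend = [Call("friend", True, 5)]
    return bulk + shop + friend


if __name__ == "__main__":
    for caller, led in settle(sample_calls()).items():
        print(f"{caller:15} attempts={led.attempts:5} engaged={led.engaged:3} "
              f"deposited=${led.deposited} forfeited=${led.forfeited}")
```

The forfeited amount grows with the number of unanswered attempts (step 4), while a caller whose calls are mostly engaged gets nearly everything back.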

why this is disruption:

  • doesn't require detecting fraud (works before contact)
  • doesn't rely on human judgment (math can't be socially engineered)
  • doesn't need constant updates (economics don't change)
  • doesn't wait for someone to get scammed (preemptive by design)

Legitimate Business Communications Benefit:

Just like Google's Big Sleep helps legitimate software by finding vulnerabilities first, KarmaCall's economics help legitimate businesses by:

  • providing instant authentication (deposit demonstrates commitment)
  • building trust (refund proves good faith)
  • reducing friction for genuine communication
  • creating positive ROI (small deposit refunded = customer acquisition cost)

The "Before Times" Warning

Google's leader offered a sobering prediction:

"I really do believe we're in the before times... As this technology gets better, we're going to see more sophisticated uses, and that automated vulnerability scanning and identification that can be done at scale can really create something that is different in the threat landscape than we've ever seen before."

What "Before Times" Means:

right now:

  • AI-powered threats exist but haven't fundamentally changed incident response
  • companies aren't seeing surges in intrusions
  • "It's still about making sure that you've patched your vulnerabilities. It's still about not clicking on things. It's still about the basics."

coming soon:

  • automated vulnerability exploitation at unprecedented scale
  • AI-powered attacks that adapt faster than humans can respond
  • threat landscape transformation requiring new defensive paradigms

The parallel to scams:

  • right now: AI makes scams more believable, but basic caution still helps
  • coming soon: AI personalization so sophisticated that human judgment fails entirely

This is why we need disruptive solutions deployed before that future arrives.

The Three-Part Defense Strategy

Based on Google's insights, effective defense requires three layers:

1. Infrastructure-Level Disruption

what Google is doing: takedowns, proactive vulnerability patching, threat actor disruption

what this looks like for scams: economic barriers at the network level, deposit requirements across communication channels, carrier-level fraud economics

2. AI-Powered Preemptive Defense

what Google is doing: Big Sleep finding vulnerabilities before exploitation

what this looks like for scams: economic models that prevent contact before manipulation begins

3. Cross-Sector Collaboration

what Google advocates: industry partnerships for coordinated disruption

what this looks like for scams: businesses, platforms, and users all adopting economic incentives that align interests

Why "The Basics" Won't Be Enough

Google emphasizes that right now, fundamentals still matter:

  • patch your vulnerabilities
  • don't click suspicious links
  • use strong authentication

But here's the critical caveat: this only works "at this point." Once AI-powered threats evolve further, the basics become insufficient.

For Scams, We're Already Past "Basics Work":

  • deepfake CFO stole $25 million despite video call verification
  • 57% global victimization despite 73% confidence in scam recognition
  • $442 billion annual losses despite widespread awareness campaigns

We're already in the future where prevention isn't enough. We need disruption now.

The North Korean IT Worker Lesson

The North Korean employment scam reveals something profound about modern threats:

What Traditional Security Would Do:

  • try to detect fake resumes
  • try to identify deepfake interviews
  • try to catch false documents
  • reactive at every step

What Disruptive Security Would Do:

  • require economic verification that persists over time
  • demand ongoing authentication not just at hiring
  • create incentive structures that make infiltration unprofitable
  • proactive by changing the economics

This parallels scam calls perfectly:

  • prevention: try to identify each scam call
  • disruption: make scam calling economically impossible

Real-World Proof: 500,000+ Disruptions

While Google is disrupting threats at the infrastructure level, KarmaCall is disrupting scam economics at the individual level:

  • 500,000+ instant payments to users for blocking scam calls
  • proven economic model that makes mass scamming unprofitable
  • no reliance on detection or human judgment
  • scales through adoption not regulatory change

This is disruption in action, not just prevention theory.

The Collaboration Imperative

Google's message about moving beyond intel sharing to active disruption partnerships applies to scam defense too.

What Doesn't Work:

  • sharing threat intelligence about known scammers ❌
  • educating consumers about warning signs ❌
  • waiting for platforms to improve detection ❌
  • hoping regulators will enforce penalties ❌

What Does Work:

  • coordinated economic barriers across communication channels ✓
  • shared incentive structures that align all parties ✓
  • proactive disruption of scam business models ✓
  • technology that doesn't require perfect coordination

The Choice: Defense or Disruption

Google's leader laid out the choice clearly for cybersecurity professionals. The same choice exists for scam defense:

Defense Mindset:

  • goal: stop threats we can detect
  • method: improve detection and response
  • outcome: perpetual arms race with attackers
  • trajectory: falling behind as AI evolves

Disruption Mindset:

  • goal: make threats economically or technically impossible
  • method: change fundamental attack economics or eliminate vulnerabilities proactively
  • outcome: attackers must find entirely new vectors
  • trajectory: compounding defensive advantage over time

Taking Action: What You Can Do

Inspired by Google's disruption unit approach, here's how to move from prevention to disruption in your own scam defense:

For Individuals:

  1. stop relying on your ability to "spot" scams (AI defeats this)
  2. adopt economic disruption tools that work regardless of scam sophistication
  3. shift from "am I smart enough?" to "have I changed the economics?"

For Businesses:

  1. move from fraud detection to fraud economics
  2. consider deposit-based communication to demonstrate legitimacy
  3. participate in cross-sector disruption initiatives

For The Ecosystem:

  1. support companies building disruptive solutions, not just better detection
  2. advocate for economic approaches that complement technical ones
  3. collaborate on industry-wide adoption of economic barriers

The "Smartest People in the Room" Problem

Google's critique of intel sharing culture applies to scam defense too:

"Intelligence is for decision makers to do something. It's not just to be the smartest people in the room about threats."

In Scam Defense, This Manifests As:

  • Endless articles documenting the crisis
  • Detailed analysis of scam tactics
  • Sophisticated reporting on fraud trends
  • But limited actual disruption of scam operations

What Disruption Looks Like Instead:

  • Fewer reports about the problem
  • More deployment of solutions that change economics
  • Less focus on being informed
  • More focus on being protected

Conclusion: The Paradigm Shift

Google's message at the conference represents a fundamental shift in cybersecurity thinking:

old paradigm:

  • share intelligence → improve detection → respond faster → reduce some fraud

new paradigm:

  • identify vulnerabilities → eliminate them before exploitation → disrupt threat actor operations → make entire attack vectors impossible

For the $442 billion scam crisis, this means:

  • stop trying to detect every scam
  • stop trying to educate every person
  • stop trying to respond faster

Start trying to:

  • disrupt scam economics
  • eliminate mass communication vectors
  • preempt contact before manipulation

The Parallel is Exact:

Just as Google uses AI to find and patch vulnerabilities before threat actors exploit them, economic incentives can make scam operations unprofitable before they reach victims.

prevention: "how do we stop the attacks we can see?"

disruption: "how do we make the attack impossible to execute profitably?"

The "Before Times" Urgency

If Google is right that we're in the "before times" before AI truly transforms the threat landscape, then we need disruptive solutions deployed before that transformation completes.

Waiting Means:

  • facing the full force of AI-powered scams with only prevention tools
  • dealing with deepfakes so good that video calls can't be trusted
  • experiencing automated, personalized fraud at unprecedented scale
  • losing the window to establish economic barriers before threats evolve

Acting Now Means:

  • economic infrastructure in place before AI scams peak
  • disruptive tools normalized across communication channels
  • network effects building as more people adopt economic defense
  • compounding advantage as scam economics become increasingly impossible

Final Thought: From Intel to Action

Google's disruption unit represents the future of cybersecurity: moving from knowing about threats to actively eliminating them.

For the scam crisis, this means:

  • We already know the scale ($442 billion/year)
  • We already know the tactics (AI-powered personalization)
  • We already know detection is failing (57% victimization despite 73% confidence)

What we need is disruption, not more intelligence.

KarmaCall exists because we believe the same thing Google's leader said: The goal cannot be to be the smartest people in the room about scams. The goal has to be making scams economically impossible.

Ready to Disrupt, Not Just Defend?

Stop trying to outsmart AI-powered scams. Start making them economically impossible.


Google's shift from intel sharing to active disruption reveals the future of cybersecurity. For the $442 billion scam crisis, that future means economic solutions that make fraud impossible, not just better detection of fraud that's already happening.

Inspired by a Google Threat Intelligence conference presentation on AI threats and the disruption imperative. Key insights: moving beyond prevention to proactive elimination of threat vectors, using AI to find vulnerabilities before exploitation, and prioritizing disruption partnerships over intelligence sharing.
